Not open for further replies.
1 - 1 of 1 Posts

· Registered
20 Posts
Discussion Starter · #1 ·
Hi, here's the situation, any advice appreciated.

Following moving house and trying to establish a LAN and net share of a mate's ADSL connection via his router, I had two weeks of troubleshooting networking and had to format and re-install WinME on my system, as something had gone south stopping IE from connecting to his ADSL Pipex through his WinXP PC.

Upon the fresh install all the networking problems were solved. My first plan was to get a drive image program running, which flatly refused to read my drives, leaving me to toy with the idea of redoing the install in case something had gone wrong. As a result I did not use Windows Update for the 22 critical updates available, and my Norton AV has just expired, so I installed nothing new (he's been fine behind his router's firewall and no service packs or AV software for over a year).

Last night I had run Spybot and Ad-Aware and scan-disked/defragged all my drives (in case that helped the DI program to run) and afterwards downloaded a .pdf for an Asus motherboard. Mid download a warning screen from "startup monitor" a utility from said:

"taskman.exe wishes to install a startup item"

I thought it looked fishy (as I'd not asked to install anything) and declined it access, as it looked too much like taskmon.exe or tskmagr.exe (common startup files) and it's now sat disabled, waiting to start up via "startupcpl" if I reboot.

I googled "taskman.exe" and the first link was F-Secure's AV site, which says it's either IRC_FAGOT WORM or DELODER worm and will run upon restarting, sink its teeth in and either eat up and replace lots of system files and then mail itself via IRC clients, or else infect my mate's PC via the router and do likewise whilst destroying sharefiles/filesharing in the process.

I ran "housecall" but it found nothing (presumably because I haven't rebooted, so it isn't installed yet) and I'm trying to download their free PC-cillin trial but my email isn't receiving their unlock link.

Do I actually have either of those worms sat dormant, waiting for a reboot? I'm certain the util that notified me won't be able to stop it running, or is it just a normal system process (I've done some searches on here of past threads and they point towards some confusion in 2003 when this worm first started up, or just something to ignore)?

What are my best options? I've got everything backed up from the reinstall and was toying with that idea anyway? Is that safer than rebooting once I've got some AV software installed and attempting to kill it that way? I've disconnected his PC from the router as well so it can't spread to his.

Many thanks in advance to anyone with some insight.

cheers Chasers